The International Code of Conduct Association (ICoCA) has released its draft Certification Principles and Procedure for vote by the members of its General Assembly from the private security industry, civil society, and government pillars. When the vote is finalized by June 29, and assuming the Certification Procedure is approved by a majority of each pillar, this will represent an important step for the ICoCA in executing its role as an oversight authority overseeing implementation of the International Code of Conduct (ICoC). The ICoC was completed in 2010 and lays out a set of human rights and humanitarian law principles regarding the conduct of private security company personnel as well as commitments regarding management and governance.

The certification procedure was a long time in the making as Board representatives from the three pillars and the ICoCA Secretariat worked with each other to find consensus in particular with regard to the ICoCA’s position on certification to PSC.1 – short hand for the ANSI/ASIS PSC.1-2012 Management System for Quality of Private Security Company Operations. However, this vote does not fully address that issue at this time, but rather seeks approval for the process to assess any national or international standard presented to the ICoCA for consideration. As laid out in Article 11.2.1 of the ICoCA Articles of Association:

“The Board shall define the certification requirements based on national or international standards and processes that are recognized by the Board as consistent with the Code and specifying any additional information relevant to the human rights and humanitarian impact of operations it deems necessary for assessing whether a company’s systems and policies meet the requirements of the Code and its readiness to participate in the Association”

The draft Certification Procedure lays out the process the Certification Committee will undertake before the Board decides whether to recognize a standard:

Step 1:

A Member can submit any standard related to security operations as a potential pathway to certification.

Step 2:

If a standard is accepted for consideration, the Committee will evaluate the content of the standard against the ICoC as well as the process by which a company is certified. A draft Certification Assessment Framework for purposes of such an analysis was also released, with the full analysis of PSC.1 to follow at a later date. The Framework is not subject to vote. Whatever gaps the assessment reveals can serve as the basis for defining the “additional information relevant to the human rights and humanitarian impact of operations.” A draft Certification Additional Information Requirement for PSC.1 reveals where consensus has emerged about what that additional information likely will be for PSC.1, although the document will not be finalized until after the vote on the Certification Procedure is completed. In its current form companies will need to provide:

The certificate with the scope of their certification by an accredited certification body.

A range of documents with regards to subcontractors’ uptake of the ICoC’s commitments, screening and vetting of personnel, anti-discrimination policies, and competency reviews and training of personnel.

With regard to the HRRIA, a draft HRRIA assessment framework was also released. It contains a series of Yes/No questions and requests to evidence references in company policies. It is divided up between process questions – regarding the frequency of HRRIAs, the involvement of relevant internal and external stakeholders, and implementation of HRRIA findings – and a series of substantive questions relating to internal controls and policies and specific human rights provisions of the ICoC. The HRRIA assessment framework is an effort to assess whether a company’s HRRIA covers many of the commitments laid out in the ICoC with regard to conduct of personnel, human rights, and management and governance. The framework will also be finalized at a later date; however, at this point it is unclear what benchmarks the ICoCA will use to determine the acceptability of answers and how it will assess the accuracy of information submitted.

Step 3:

If a standard is deemed to be consistent with the ICoC, the Committee will draft a Recognition Statement which will include the additional information identified by the Committee based on the Assessment Framework. The draft statement will be made available for public comment.

Step 4:

After considering the comments, the Board will decide whether to accept the standard and publish a Recognition Statement. One consideration that may factor into whether a standard is consistent with the ICoC is “practical considerations relating to the ability of the ICoCA to effectively assess the Additional Information associated with a standard.” It will soon be seen whether this consideration is an issue in the assessment of the ISO 28007-1: 2015 Ships and marine Technology: Guidelines for Private Maritime Security Companies (PMSC) providing privately contracted armed security personnel (PCASP) on board ships (and pro forma contract), which is the next standard the ICoCA will analyze. As we argued before, that standard still has some significant human rights shortcomings which will surely generate a good bit of information for the ICoCA.

Step 5:

After a Recognition Statement has been released, member companies can seek ICoCA certification by evidencing certification to the recognized standard by an independent, accredited certification body. A company will provide to the Secretariat the certificate and the additional information detailed in the Recognition Statement, and the Secretariat will review the materials and make a recommendation to the Board whether to approve a company for ICoCA certification. If the Secretariat has concerns about a member company’s ability to gain approval, it can engage that company in discussions to clarify what additional steps and information may be needed to gain approval. Prior to casting its vote the Board can request the Secretariat to elicit additional information from a company, if it deems this necessary to its ability to cast a vote on ICoCA certification.

If all goes well, and the Board votes to grant ICoCA certification to a company, that certification will have the same scope as the certification provided by the independent, accredited certification body. ICoCA certifications will be valid for a period of three years, as is the case for certification to PSC.1. In keeping with its role to foster industry best practices, the Secretariat can provide companies Advisory Comments to assist them with ICoC implementation.

The finalization of the certification procedure is a big step forward in ensuring governance and oversight of the ICoC. While the road ahead is still long, with the ICoCA tackling monitoring and reporting procedures as its next task, relative to other industries operating in complex environments, the private security industry is demonstrating that it is willing to actually subject itself to audits and evidence that it is implementing human rights standards.